USB redirection works independently of the display protocol (RDP or PCoIP) and USB traffic usually uses TCP port 32111.
Network traffic between a client system and a remote desktop or application can travel various routes, depending on whether the client system is inside the corporate network and how the administrator has chosen to set up security.
- If the client system is inside the corporate network, so that a direct connection can be made between the client and desktop or application, USB traffic uses TCP port 32111.
- If the client system is outside the corporate network, the client can connect through a View security server.
A security server resides within a DMZ and acts as a proxy host for connections inside your trusted network. This design provides an additional layer of security by shielding the View Connection Server instance from the public-facing Internet and by forcing all unprotected session requests through the security server.
A DMZ-based security server deployment requires a few ports to be opened on the firewall to allow clients to connect with security servers inside the DMZ. You must also configure ports for communication between security servers and the View Connection Server instances in the internal network.
For information on specific ports, see "Firewall Rules for DMZ-Based Security Servers" in the View Architecture Planning Guide.
- If the client system is outside the corporate network, you can use View Administrator to enable the HTTPS Secure Tunnel. The client then makes a further HTTPS connection to the View Connection Server or security server host when users connect to a remote desktop or application. The connection is tunneled using HTTPS port 443 to the security server, and then the onward connection for USB traffic from the server to the remote desktop or application uses TCP port 32111. USB device performance is slightly degraded when using this tunnel.
Note: If you are using a zero client, USB traffic is redirected using a PCoIP virtual channel, rather than through TCP 32111. Data is encapsulated and encrypted by the PCoIP Secure Gateway using TCP/UDP port 4172. If you are using only zero clients, it is not necessary to open TCP port 32111.